Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/lTFMaBlSC2sWjMJnNeljZ27Tej8.roa
File:                     lTFMaBlSC2sWjMJnNeljZ27Tej8.roa (raw, json)
Hash identifier:          CklBDx6wSWzRVVr92sU6Lp1fi2ioI63G4IEaGCFKn9U=
Subject key identifier:   95:31:4C:68:19:52:0B:6B:16:8C:C2:67:35:E9:63:67:6E:D3:7A:3F
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019D19D6A4ABCFCD722BC2813F4A36A08DCC
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/lTFMaBlSC2sWjMJnNeljZ27Tej8.roa
Signing time:             Mon 23 Mar 2026 08:36:30 +0000
ROA not before:           Mon 23 Mar 2026 08:36:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51659
IP address blocks:        89.125.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 22:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:19:d6:a4:ab:cf:cd:72:2b:c2:81:3f:4a:36:a0:8d:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Mar 23 08:36:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=95314c6819520b6b168cc26735e963676ed37a3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:52:86:b3:c7:f0:a4:1e:14:8b:19:97:0f:aa:
                    c9:2a:84:da:3b:da:8b:f4:75:b8:6a:f2:23:3e:7a:
                    1e:b2:0e:be:6b:cc:fd:92:cb:fb:ba:a3:50:27:bc:
                    29:a2:53:86:12:d9:37:30:0a:95:ea:a4:77:71:3c:
                    ad:af:42:2f:d5:c1:7d:c9:2e:e4:5e:2b:ce:86:1e:
                    b4:68:bf:dd:1e:bd:af:b3:0d:4b:cd:ea:84:26:8a:
                    ac:9e:a3:e5:48:81:e5:4e:03:34:a9:03:f3:78:6f:
                    b3:6e:df:b5:a3:77:6d:d0:69:93:05:0d:da:cb:9a:
                    24:d5:94:3a:03:be:da:5c:ae:d0:e5:4d:20:9b:50:
                    b8:40:4c:d0:69:c1:39:c5:6f:25:26:2a:dd:4b:df:
                    90:9a:5d:26:e0:78:58:57:64:e0:be:c5:1c:ca:ba:
                    00:32:3b:39:be:23:43:ea:b7:9b:ae:20:21:7b:2b:
                    d8:7a:fc:5c:bc:fb:e2:81:95:7e:72:b0:41:ec:88:
                    52:79:23:dd:2b:99:57:9f:ae:66:bb:1f:4b:c2:28:
                    68:f2:aa:63:59:20:5c:3b:dc:e5:26:8f:65:8a:ba:
                    a1:ef:8f:75:da:f7:4f:b6:29:ea:14:87:41:77:00:
                    62:85:5f:08:69:96:0e:fe:f8:90:a3:47:46:e5:ea:
                    92:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:31:4C:68:19:52:0B:6B:16:8C:C2:67:35:E9:63:67:6E:D3:7A:3F
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/lTFMaBlSC2sWjMJnNeljZ27Tej8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.125.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:72:23:fc:e0:b9:d7:73:da:3c:b7:a5:45:90:66:09:79:0a:
         46:c7:03:77:fc:42:c5:7b:ca:3f:38:bf:50:26:d6:95:fc:a7:
         1e:ae:4a:b3:b0:c2:f7:99:9f:81:21:b7:ae:32:8e:1c:c5:40:
         bd:a9:fc:2f:0b:a3:5c:d2:01:53:e6:59:2c:99:f1:11:52:c8:
         8b:ce:f3:16:a8:43:86:8c:08:f9:9d:41:d2:bb:5b:50:af:c1:
         de:91:45:b9:21:a3:d2:7b:69:5f:61:d6:f5:61:73:43:14:37:
         35:73:d8:f1:b3:33:91:14:eb:00:bb:2b:78:7e:8b:2d:9f:97:
         ac:18:aa:94:c1:88:bb:0a:75:56:8f:b0:75:e6:4f:df:5c:7c:
         35:ba:e4:fd:9f:35:24:f3:43:51:c5:83:92:ed:50:6d:7b:97:
         50:f6:85:3c:29:59:84:02:f0:d2:2f:07:6d:e9:fd:5d:1e:1f:
         bf:38:4d:f3:90:43:30:85:e8:80:7d:3a:02:25:9f:15:01:4e:
         43:9b:66:fb:93:98:d8:3d:fc:84:5e:ce:15:d7:34:83:6b:cf:
         78:5f:33:dc:fe:bf:46:f9:4a:a8:dc:c0:e7:c8:08:8b:11:75:
         7e:3a:30:42:41:6d:86:3a:ba:04:72:16:7a:a2:72:de:15:01:
         6c:38:df:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0Z1qSrz81yK8KBP0o2oI3MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwMzIzMDgzNjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTMxNGM2ODE5NTIwYjZiMTY4Y2MyNjczNWU5NjM2NzZlZDM3YTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVKGs8fwpB4UixmXD6rJKoTaO9qL
9HW4avIjPnoesg6+a8z9ksv7uqNQJ7wpolOGEtk3MAqV6qR3cTytr0Iv1cF9yS7k
XivOhh60aL/dHr2vsw1LzeqEJoqsnqPlSIHlTgM0qQPzeG+zbt+1o3dt0GmTBQ3a
y5ok1ZQ6A77aXK7Q5U0gm1C4QEzQacE5xW8lJirdS9+Qml0m4HhYV2TgvsUcyroA
Mjs5viND6rebriAheyvYevxcvPvigZV+crBB7IhSeSPdK5lXn65mux9Lwiho8qpj
WSBcO9zlJo9lirqh74912vdPtinqFIdBdwBihV8IaZYO/viQo0dG5eqSnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJUxTGgZUgtrFozCZzXpY2du03o/MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvbFRGTWFCbFNDMnNXak1Kbk5lbGpaMjdUZWo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWX1mMA0G
CSqGSIb3DQEBCwUAA4IBAQBdciP84LnXc9o8t6VFkGYJeQpGxwN3/ELFe8o/OL9Q
JtaV/KcerkqzsML3mZ+BIbeuMo4cxUC9qfwvC6Nc0gFT5lksmfERUsiLzvMWqEOG
jAj5nUHSu1tQr8HekUW5IaPSe2lfYdb1YXNDFDc1c9jxszORFOsAuyt4fostn5es
GKqUwYi7CnVWj7B15k/fXHw1uuT9nzUk80NRxYOS7VBte5dQ9oU8KVmEAvDSLwdt
6f1dHh+/OE3zkEMwheiAfToCJZ8VAU5Dm2b7k5jYPfyEXs4V1zSDa894XzPc/r9G
+Uqo3MDnyAiLEXV+OjBCQW2GOroEchZ6onLeFQFsON9Y
-----END CERTIFICATE-----